Cisco features ISE and license terms

Similar Questions

• Cisco CERT ISE and PEAP

  Someone knows where you load the certificate for PEAP CA if you use ISE as radius server?

  Hello George,.

  Refer to:

  Adding a certificate authority certificate

  http://www.Cisco.com/en/us/partner/docs/security/ISE/1.0.4/user_guide/ise10_man_cert.html#wp1053515

  Step 1 Choose Administration > system > certificates.

  Step 2 Navigation pane of the operations of certificate on the left, click certificate authority certificates.

  The certificate authority certificates page appears.

  Step 3 Click Add.

  I hope this helps.

  Kind regards.

• Cisco ISE and Meraki RADIUS

  I am very new to Cisco ISE and Meraki.  I try to get the Radius configuration for wireless authentication.  When I do a test of the Meraki to ISE, it passes.

  When I try to connect from my laptop, I look at the logs of the Radius and it passes; However, it does not connect me to good policy.  I keep hitting the default policy.  I have my Meraki police above the default policy in the strategy defined in article.  I have attached what looks like my strategy game.

  Devices does not really matter. Here is what I see when I create a device group (where you add the access point to this group), and then create the condition:

  networkdevicegroups.PNG

  

  And here is where I create the condition of strategy game and you should be able to select the Meraki access points:

  devicecondition.PNG

  

  This will give you the condition similar to what I posted above. This is perhaps why you aren't hit that is not matching the condition for this game.

• Cisco ISE and WLC Access-List Design/scalability

  Hello

  I have a scenario that wireless clients are authenticated by the ISE and different ACL is applied depending on the rules in the ISE. The problem I have seen is due to the limitation on the Cisco WLC that limit only 64 input access list. As the installer has only a few IVR/interfaces and several different access lists are applied to the same base on user groups interface; I was wondering if there may be an evolutionary design / approach according to which the access list entries can evolve next to create a vlan for each group of users and apply the access list on the interface of layer 3 instead? I illustrated the configuration below for reference:

  Group of users 1 - apply ACL 1 - on Vlan 1

  User 2 group - apply ACL 2 - on the Vlan 1

  3 user group - apply ACL 3 - on the Vlan 1

  The problem appears only for wireless users, he does not see on wired users as the ACLs can be applied successfully without restriction as to the switches.

  Any suggestion is appreciated.

  Thank you.

  In fact, you have limitations on the side of the switch as well. Long ACL can deplete resources AAGR of the switch. Take a look at this link:

  http://www.Cisco.com/c/en/us/support/docs/switches/Catalyst-3750-series-switches/68461-high-CPU-utilization-cat3750.html

  The new WLCs based on IOS XE and not the old OS Wireless/Aironet will provide the best experience in these matters.

  Overall, I see three ways to overcome your current number:

  1. reduce the ACL by making them less specific

  2 use L3 interfaces on a switch L3 or FW and the ACL is applied to them

  3. use the SGT/SGA

  I hope this helps!

  Thank you for evaluating useful messages!

• Reference Dell EqualLogic HIT/VSM - VMware license terms.

  Hello.

  I read the release notes of Virtual Storage Manager 4.0, vSphere, conditions of licence, they are required:

  License terms for vSphere
  VSM comes with licenses and the following features:

  VSM: VSphere license any

  VASA: vCenter 5.0 or later version, ESXi 4.0 or later, any vSphere license
  In addition, the storage array firmware allows use the following features that VSM is installed:

  vStorage API for integration (VAAI) table: business, Enterprise Plus on ESXi license
  4.1 or later.

  Issues related to the:

  1. I'll be able to run VSM with vSphere Essentials Plus? VAAI at least requires vSphere Enterprise License. What are the consequences if I deploy with vSphere Essentials Plus.

  2 VSM supports ESXi 5.5 U2?

  Thank you

  Paul

  VASA is a feature you don't need basic VSM features.  Which is what the release notes are trying to say.   VASA allows VMware request more information on storage volumes.   I.e. through VASA VCS calls can show that a volume is RAIDed storage, integrates snapshots or replicas.   Currently, the usefulness of the VASA is limited, even when it is available.   VASA is the first step to VMware to better understand a storage array capabilities. More features will be coming in future versions of ESXi.

  However, to make the VASA work any, the storage provider must provide software 'glue' for specific HW calls of a query of VCS.   VSM, is what has the code, known as a "provider of VASA.   A translator of sorts.

  Kind regards

• Cisco 891 - k9 VPN license

  Hello

  I just bought a Cisco 891 - k9. I bought it to learn how to configure the site to site VPN. below are my "sh version' and 'license sh. Can someone explain to me if I have the opportunity to set up the VPN. Also, if anyone can point me in a direction where I can find out what are the exact specifications made my IOS support and license. I bought this router used, and doesn't know what image and license are on the new router. Thank you!

  =============================================================================================

  yourname (config) #do sh version
  Cisco IOS software, software C890 (C890-UNIVERSALK9-M), Version 15.0 (1) M4, VERSION of the SOFTWARE (fc1)
  Technical support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2010 by Cisco Systems, Inc.
  Updated Saturday, October 29, 10 00:19 by prod_rel_team

  ROM: System Bootstrap, Version 12.4 YB3 (22r), RELEASE SOFTWARE (fc1)

  yourname uptime is 20 minutes
  System to regain the power ROM
  System image file is "flash: c890-universalk9 - mz.150 - 1.M4.bin.
  Last reload type: normal charging

  This product contains cryptographic features and is under the United States
  States and local laws governing the import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third party approval to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. laws and local countries. By using this product you
  agree to comply with the regulations and laws in force. If you are unable
  to satisfy the United States and local laws, return the product.

  A summary of U.S. laws governing Cisco cryptographic products to:
  http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

  If you need assistance please contact us by mail at
  [email protected] / * /.

  Cisco 891 (MPC8300) processor (revision 1.0) with 498688K / 25600K bytes of memory.
  Card processor ID FTX15040E4B

  9 FastEthernet interfaces
  1 gigabit Ethernet interface
  Serial 1 interface
  1 line of terminal
  1 module of virtual private network (VPN)
  256K bytes of non-volatile configuration memory.
  244440K bytes of ATA CompactFlash (read/write)

  License info:

  License IDU:

  -------------------------------------------------
  Device SN # PID
  -------------------------------------------------
  * 0 CISCO891-K9

  Information about the license for "c890.
  License level: advipservices Type: Permanent
  Next reboot license level: advipservices

  Configuration register is 0 x 2102

  =========================================================================================

  votre_nom #sh lic
  * 00:56:54.739 Feb 25: % SYS-5-CONFIG_I: configured from console by cisco on consolee
  votre_nom license #sh
  1 function of the index: advipservices
  Time left: life
  License type: Permanent
  The license status: Active, in use
  Number of licenses: not counted
  License priority: medium
  Function index 2:-ips-updated ios
  Period of opportunity: 0 minute 0 second
  License type: assessment
  Start date: N/a, end Date: December 31, 2025
  The license status: don't use, not accept EULA
  Number of licenses: not counted
  Priority of license: no
  Index 3 function: SSL_VPN
  Time left: not enabled
  Period of opportunity: 0 minute 0 second
  License type: assessment
  The license status: don't use, not accept EULA
  Number of licenses: 100/0/0 (active/in-use/Violation)
  Priority of license: no

  ===========================================================================================

  Sitnikov - Ignat

  According to the data sheet of the product, the default license is Advanced IP services. This seems to be what you have. The Office IPS and SSL VPN is an update of license.

  You should be able to build an IPSec tunnel with another router by following the steps in the CLI in the Setup Guide. You can also do this via the user interface using Cisco Configuration Professional (CCP). Several times first users are struggling a bit by using only the CLI - I would suggest using the you GUI and then analyze the resulting configure script to understand the various components of a VPN configuration

• Turn Windows features on and off does not.

  I installed a Dell Windows Vista on my XP Home existing, I found that I couldn't access the games.  I tried to use "Turn Windows Features on and outside" to turn them on, but I got an error.  I then discovered that it doesn't seem to work on any programs.  I also tried running "sfc/scannow" which seemed to run correctly except that he said he couldn't fix all the files.  Is there a problem with the help of a Dell installation on a Dell disc?  The seller told me that he would not be a problem.  Should I recharge with a new facility If Yes, do I lose all my data and programs?  Thanks for any help you can give me.  Dave Gilbert

  " Is there a problem with the help of a Dell installation on a Dell disc?  The seller told me that he would not be a problem.  Should I recharge with a new facility "If so, I'm going to lose all my data and.

  Yes, there is.

  The Dell disk/Vista license is bound to the original Dell computer on which it is installed.

  And the Vista license is non-transfereble.

  See you soon.

  Mick Murphy - Microsoft partner

• Installation of Windows 8.1 HP 15-r014TU laptop - cannot find 3668Microsoft Software License Terms

  I just bought a laptop HP 15 - r014TU, which comes with FreeDOS as I bought a Windows license 8.1 contract a student on campus.

  I used the official Windows USB Setup program to make a USB bootable ISO file. It starts fine, but after you select the installation option, I got an error that says "Windows cannot find the Microsoft Software License Terms. "Make sure that the installation sources are valid, and restart the installation. It looked like this:

  

  How can I solve this problem?

  It turns out that it was a problem with the installation media.

  8.1 for Windows has been installed successfully.

• Cisco Feature Navigator working for anyone?

  I try to use the Cisco feature Navigator , but it doesn't seem to work.

  The site of the charges but I can't select all the options (by clicking on the arrows of selection does nothing).

  I tried several browsers (chrome, IE and Firefox) to several different computers, but the result is the same.

  Hello

  This works for me to (using Chrome).

  http://Tools.Cisco.com/ITDIT/CFN/JSP/index.jsp

  See you soon!

  SoC

• Installation of ISE and ACS

  Hi all

  I have a problem to install ISE and ACS on VM server. Linux Redhat Enterprise is detected by the system when the iso file is selected.

  But some dependencies of the package are noticed as openssl kernel-devel or cisco...

  The installation will stop from print virtual daemon.

  Any help!

  OK, I recommend:

  1. check that all the VM gusts are configured to meet the required specifications (RAM, CPU, disk space, etc.)

  2 re - download the ISO file and try the installation again

  3. download and try OVA

  Let us know how it goes :)

  Thank you for evaluating useful messages!

• ISE and AirWatch MDM integration

  I have been using ISE with the integration of AirWatch for over a year.  Recently, it seems that AirWatch has updated their certificates and now I can't get ISE and AirWatch to communicate.  I can access the AirWatch API URL through a browser, and I see that the browser uses TLS 1.2.     According to TAC, Cisco, ISE does not support TLS 1.2.  I have cases open with two TACS, but have yet to find a resolution.

  Someone at - it ISE / Airwatch integration currently work?

  Wes,

  I have a client who had what sounds like the same issue.  It came down to AirWatch change the host he was using. It was a long journey to get to the right answer but when AirWatch changed host, things started working again.  It took several calls with AirWatch until someone had the idea to make this change.

  Hope that helps.

  Tim

• 1.2 of the ISE and made maximum PSN supported in my Persona config

  Hello people, I am setting up a way large-scale distributed of ISE and I was wondering if anyone could tell me what the maximum number of PSN is allowed in this configuration.   I was reading through an older training document with version 1.1 and suggested 5, that's why I wonder if the specs changed on 1.2 but I can't find them anywhere to practice.

  I have a large virtual machine running the MAIN admin character who is also secondary to my report & follow-up in my main data centre.

  In another State (bound to 10G) is another large VM acting as my character high school admin with primary oversight & reports.

  Across several States I want to have multiple Ssnp through geographic patterns of each State, but I don't know if I can put across enough with my current version of 1.2 and my persona config Ssnp listed above.    I need about 12 to 15 Ssnp.

  I was wondering if I need two VMs more out of my control as a node in DC1 and secondary surveillance in DC2 for more extensibility PSN.

  Any help would be greatly appreciated.

  -Thank you

  As Marvin suggested, I would look at using 1.3 at this point, unless you have any specific concerns of this version and I really want to stay with 1.2. That being said, here are my recommendations/comments:

  -Two v1.2 and v1.3 fits in fact up to 40 knots PSN

  -If none of the nodes of your PSN will be put in the same place and are layer 2 adjacent I recommend putting them in a group node and behind a load balancer. If you do not have a load balancer, I would always put them in a node group. At this time a node group can have up to 10 PSN

  -If you have 10-15 knots PSN then you should spend 2 nodes for specifically for the character of monitoring

  -The period of maximum round trip between all nodes must not exceed 200 ms

  For more information, you can always reference the "Network deployment" section in the installation guide material for ISE:

  v1.3

  http://www.Cisco.com/c/en/us/TD/docs/security/ISE/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_chapter_00.html

  v1.2

  http://www.Cisco.com/c/en/us/TD/docs/security/ISE/1-2/installation_guide/ise_ig/ise_deploy.html

  Thank you for evaluating useful messages!

• Difference between ISE and NAC?

  Dear all,

  Can you please help to understand difference ISE and NAC?

  Thank you

  Eve.

  ACS + NAC Profiler + comments the NAC + Manager = EHT NAC NAC Server

  ISE does:

  Centralized strategies
  RADIUS server
  Evaluation of posture
  Guest access services
  Profiling feature
  MDM
  Monitoring
  Troubleshooting
  Reporting

• Profilinh ISE and Thin Clients

  I have 1.2 ISE and HP T610 customer light on the network

  802.1 x authorization works correctly, but clients are looming as HP-devices generics or HP printers

  I don't know how to create a strategy profiling custom for device "HP Thin Client.

  What conditions YES to assign customers HP T610?

  Thanks in advance,

  Vice

  Refer to the Profiler service to power down

  http://www.Cisco.com/c/en/us/TD/docs/security/ISE/1-2/user_guide/ise_user_guide/ise_prof_pol.html#wp1891315

  Profile services food application for permit in advance

• Some feature ISE questions

  Hello guys,.

  I am relatively new to the ISE and would like to get some answers on the features and the administration, I could not find in the documentation. Would be great if you could help me :-).

  1. I would use MAB to printers and other devices of dot1x cabable not

  -Are there a way to automate the collection of MAC address? Otherwise I would manually create identitys for each unique device (like a wizzard or something, not .csv)

  -Si MAB is used, ISE has something as a feature of timestamp, where I can detect the devices 'dead '.

  2. we use private for guest access VLAN (just isolated or protected port on 2960 s)

  -Dynamic VIRTUAL local network port configuration works with ISE?

  Thank you and best regards,

  Tarek

  Hi Tarek,

  In regards to Automation collection of MAC addresses to be used for the MAB, there is not an integrated ISE for this solution. However, you could reduce the amount of work you'd have to do by doing something like sticky with port-security Mac first catch a MACs, then pull them right off the config to ISE manually. Even easier, clearing your arp cache and pull them out after it rebuilds. Do a little cleaning and there you go. It is not as automated as you prefer, but it is better than doing just one by one.

  For the PVLANs, I can't speak with confidence, but I can say that I do not believe it can dynamically assign PVLANs. I guess it's possible, but I saw nothing of if this has been done. I don't think that it can dynamically build the necessary to PVLANs associations. I would like to say that I was wrong on this one, but.

  Hope that helps,

  Ryan